fix(transport): handle duplicate intro packets during gateway handshake

When a peer restarts with a new identity, the gateway correctly detects this (issue #2277 fix) and creates a new gateway_connection. However, the peer sends multiple RSA intro packets for NAT traversal reliability. After the first intro triggers the new gateway_connection, subsequent intro packets get routed to the ongoing handler instead of being ignored. The handler expected a symmetric ACK response but received a 256-byte RSA intro packet, causing "invalid symmetric key" error. This fix modifies the gateway_connection to: 1. Wait for packets in a loop with a deadline 2. Ignore 256-byte packets (likely duplicate RSA intros) 3. Continue waiting for the real symmetric ACK response 4. Only error out after the deadline expires Fixes #2292 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: sanity

crates/core/src/transport/connection_handler.rs

@@ -893,32 +893,68 @@ impl<S: Socket> UdpPacketsListener<S> {
  .await
  .map_err(|_| TransportError::ChannelClosed)?;
 
- // wait until the remote sends the ack packet
- let timeout = tokio::time::timeout(Duration::from_secs(5), next_inbound.recv_async());
- match timeout.await {
- Ok(Ok(packet)) => {
- let _ = packet.try_decrypt_sym(&inbound_key).map_err(|_| {
- tracing::debug!(
- peer_addr = %remote_addr,
- direction = "inbound",
- packet_len = packet.data().len(),
- "Failed to decrypt packet with inbound key"
- );
- TransportError::ConnectionEstablishmentFailure {
- cause: "invalid symmetric key".into(),
- }
- })?;
- }
- Ok(Err(_)) => {
- return Err(TransportError::ConnectionEstablishmentFailure {
- cause: "connection closed".into(),
- });
- }
- Err(_) => {
+ // Wait for the remote to send the ACK packet.
+ // Issue #2292: The peer may send multiple RSA intro packets for NAT traversal reliability.
+ // These duplicate intro packets (256 bytes) arrive on the ongoing_gw_connections channel
+ // and would fail symmetric decryption. We must ignore them and wait for the real ACK.
+ let deadline = tokio::time::Instant::now() + Duration::from_secs(5);
+ loop {
+ let remaining = deadline.saturating_duration_since(tokio::time::Instant::now());
+ if remaining.is_zero() {
  return Err(TransportError::ConnectionEstablishmentFailure {
  cause: "connection timed out waiting for response".into(),
  });
  }
+
+ let timeout_result =
+ tokio::time::timeout(remaining, next_inbound.recv_async()).await;
+
+ match timeout_result {
+ Ok(Ok(packet)) => {
+ // Issue #2292: Check if this is a duplicate RSA intro packet (256 bytes).
+ // The peer sends multiple intro packets for reliability during NAT traversal.
+ // After we detect a new identity and create a new gateway_connection,
+ // these duplicate intros get routed here instead of creating another connection.
+ // We must ignore them and continue waiting for the actual ACK response.
+ if packet.data().len() == RSA_INTRO_PACKET_SIZE {
+ tracing::debug!(
+ peer_addr = %remote_addr,
+ direction = "inbound",
+ packet_len = packet.data().len(),
+ "Ignoring 256-byte packet during gateway handshake (likely duplicate RSA intro)"
+ );
+ continue;
+ }
+
+ // Try to decrypt as symmetric ACK response
+ match packet.try_decrypt_sym(&inbound_key) {
+ Ok(_) => {
+ // Successfully decrypted - this is the ACK we're waiting for
+ break;
+ }
+ Err(_) => {
+ tracing::debug!(
+ peer_addr = %remote_addr,
+ direction = "inbound",
+ packet_len = packet.data().len(),
+ "Failed to decrypt packet with inbound key, continuing to wait"
+ );
+ // Continue waiting for a valid ACK
+ continue;
+ }
+ }
+ }
+ Ok(Err(_)) => {
+ return Err(TransportError::ConnectionEstablishmentFailure {
+ cause: "connection closed".into(),
+ });
+ }
+ Err(_) => {
+ return Err(TransportError::ConnectionEstablishmentFailure {
+ cause: "connection timed out waiting for response".into(),
+ });
+ }
+ }
  }
 
  let sent_tracker = Arc::new(parking_lot::Mutex::new(SentPacketTracker::new()));